Hi,
On 18/05/2017 10:45, nusenu wrote:
>> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback
>> directory) is under seizure since 14/05 11h.
>> but please revoke immediately kitten1 & kitten2 tor node. Those nodes are
>> also fallback directory.
>
> I don't know any context or background but if you fear this could happen
> end to use tor's OfflineMasterKey feature (without copying the master key
> to the server) with a short keylifetime (i.e. 7 days), especially if it is
> a fallback dir (which requires a tor source code change to remove it).
This feature is interesting and I did not know about it. However, I have been reading the documentation page[1] and I have the impression that the more I read the less I understand how it works.
If I look inside the DataDir of one of my relays - a standard Debian install - I see this:

```
ed25519_master_id_public_key
ed25519_master_id_secret_key
ed25519_signing_cert
ed25519_signing_secret_key
secret_id_key
secret_onion_key
secret_onion_key_ntor
secret_onion_key_ntor.old
secret_onion_key.old
```
So, here are some of the things I think I have understood:

* Tor uses an ed25519 key to generate the other keys needed to decrypt incoming traffic and route it to its next destination on the network. I don't know how this works in practice, but probably it is too much detail at the moment.
* In the standard install the master key is the `ed25519_master_id_secret_key` above, which has no passphrase.
* If in `torrc` we declare `OfflineMasterKey 1` then the `ed25519_master_id_secret_key` will not reside anymore on the relay but on a separate machine.
* In the process of generating the master key (with the command `tor --keygen`), all the files above will be generated.
* To run the node with `OfflineMasterKey 1` you need to copy all the files generated in the previous step *with the exception of the master key*.
I had also a few questions:

* is the above correct?
* if I use the offline master key protected with a passphrase will I need to input the passphrase every time I restart Tor (I have in mind what Apache does when you restart it and have certificates protected with a passphrase)?
* Assuming that I am going to use a separate machine to generate the master key I need to make sure that the version of Tor on the machine that I use to generate the key and the relay?
Thanks for your help.
Cristian
[1]: https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKe...
Cristian Consonni:
> On 18/05/2017 10:45, nusenu wrote:
>> I don't know any context or background but if you fear this could happen
>> end to use tor's OfflineMasterKey feature (without copying the master key
>> to the server) with a short keylifetime (i.e. 7 days), especially if it is
>> a fallback dir (which requires a tor source code change to remove it).
>
> This feature is interesting and I did not know about it. However, I have
> been reading the documentation page[1] and I have the impression that the
> more I read the less I understand how it works.
Since I know you use(d)? ansible-relayor: ansible-relayor uses the OfflineMasterKey feature by default (and can not be disabled)
> If I look inside the DataDir of one of my relays - a standard Debian
> install - I see this:
>
> ed25519_master_id_public_key
> ed25519_master_id_secret_key
> ed25519_signing_cert
> ed25519_signing_secret_key
> secret_id_key
> secret_onion_key
> secret_onion_key_ntor
> secret_onion_key_ntor.old
> secret_onion_key.old
> So, here are some of the things I think I have understood:
>
> - Tor uses an ed25519 key to generate the other keys needed to decrypt
> incoming traffic and route it to its next destination on the network. I
> don't know how this works in practice, but probably it is too much detail
> at the moment.
I don't think that is accurate. Let's agree on: since tor 0.3.0.x the Ed25519 key is used to authenticate non-persistent keys (link connections to relays).
> - In the standard install the master key is the
> `ed25519_master_id_secret_key` above, which has no passphrase.
I agree.
> - If in `torrc` we declare `OfflineMasterKey 1` then the
> `ed25519_master_id_secret_key` will not reside anymore on the relay but on
> a separate machine.
if you replace "will not" with "can" it is accurate. The torrc option can not say anything about the location of the master key (other machine, same machine or usual folder, ...). It just says that tor will not attempt to load/read the master key.
> - In the process of generating the master key (with the command `tor
> --keygen`), all the files above will be generated.
--keygen will generate the following files in the "keys" subfolder of DataDir:

ed25519_master_id_public_key
ed25519_master_id_secret_key
ed25519_signing_cert
ed25519_signing_secret_key
(RSA keys will be generated on a relay's first start if there are none) Due to its interactive requirement I do not use --keygen to generate keys. https://trac.torproject.org/projects/tor/ticket/17603
> - To run the node with `OfflineMasterKey 1` you need to copy all the
> files generated in the previous step *with the exception of the master key*.
more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files (this is the absolute minimum):

ed25519_signing_cert
ed25519_signing_secret_key
> I had also a few questions:
>
> - if I use the offline master key protected with a passphrase will I
> need to input the passphrase every time I restart Tor
No, the passphrase is only needed when you access the passphrase-protected master key (and that should not be located on the relay).
If you choose to protect your master key with a passphrase you will only need your passphrase every time you renew your _online_ key/cert.
> - Assuming that I am going to use a separate machine to generate the
> master key I need to make sure that the version of Tor on the machine that
> I use to generate the key and the relay?
Running the same version certainly does not hurt but technically running any tor version that has Ed25519 support works ( >= 0.2.7.x)
Reminder: When you play around with this feature: always make sure to keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA key remains, your relay will be rejected since these keys are pinned (for security).
hope this helps,
nusenu
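As an added example (not from this thread and not the Tor project's own tooling), the workflow nusenu describes written out as POSIX shell functions: generate the Ed25519 master key on a separate machine with `tor --keygen` and a short `SigningKeyLifetime`, copy only the signing cert and signing secret key to the relay, and check before starting the relay that `ed25519_master_id_secret_key` did not come along. The last two functions read the expiry out of `ed25519_signing_cert` so a cron job can warn before a 7-day cert lapses; they rely on tor's cert file layout (a 32-byte tag, then VERSION, CERT_TYPE and a 4-byte big-endian EXPIRATION_DATE in hours since the epoch). The directory paths and the 7-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from tor's docs): OfflineMasterKey workflow.
# Paths and the "7 days" lifetime below are assumptions; adjust for your setup.
set -eu

# 1. On the OFFLINE machine: create the master identity key (once) plus a signing
#    key/cert with a short lifetime. Re-running the same command against an existing
#    master key only renews the signing key/cert; if the master key is passphrase
#    protected, that renewal is the only time tor asks for the passphrase.
gen_offline_keys() {
    offline_dir=$1      # e.g. /home/op/tor-offline (never copied to the relay)
    lifetime=$2         # e.g. "7 days"
    command -v tor >/dev/null 2>&1 || { echo "tor is not installed here" >&2; return 1; }
    # Drop --no-passphrase if you want the master key encrypted (tor will prompt).
    tor --keygen --DataDirectory "$offline_dir" --SigningKeyLifetime "$lifetime" --no-passphrase
}

# 2. Copy ONLY the online material into the relay's DataDirectory/keys (scp in
#    practice). ed25519_master_id_secret_key stays on the offline machine.
install_relay_keys() {
    offline_dir=$1
    relay_keys=$2       # e.g. /var/lib/tor/keys
    mkdir -p "$relay_keys"
    for f in ed25519_signing_cert ed25519_signing_secret_key; do
        cp "$offline_dir/keys/$f" "$relay_keys/$f"
    done
    chmod 600 "$relay_keys"/ed25519_*
}

# 3. Preflight on the relay: both required files are present and the master secret
#    key is NOT. Returns 0 when the directory is fit for "OfflineMasterKey 1" in torrc.
check_relay_keys() {
    relay_keys=$1
    for f in ed25519_signing_cert ed25519_signing_secret_key; do
        if [ ! -f "$relay_keys/$f" ]; then
            echo "missing $relay_keys/$f" >&2
            return 1
        fi
    done
    if [ -e "$relay_keys/ed25519_master_id_secret_key" ]; then
        echo "master secret key found in $relay_keys; it belongs on the offline machine only" >&2
        return 1
    fi
    return 0
}

# 4. Expiry of the signing cert as Unix seconds. Tor cert file layout: 32-byte tag
#    "== ed25519v1-cert: type4 ==", VERSION (1 byte), CERT_TYPE (1 byte), then
#    EXPIRATION_DATE as 4 big-endian bytes counting hours since the epoch.
cert_expiry_epoch() {
    cert=$1
    set -- $(od -An -tu1 -j 34 -N 4 "$cert")
    [ $# -eq 4 ] || { echo "$cert: too short to be an ed25519 cert" >&2; return 1; }
    hours=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    echo $(( hours * 3600 ))
}

# Whole days left before the cert lapses; renew on the offline machine when this is low.
cert_days_left() {
    exp=$(cert_expiry_epoch "$1") || return 1
    echo $(( (exp - $(date +%s)) / 86400 ))
}

# Usage (offline machine first, then the relay):
#   gen_offline_keys /home/op/tor-offline "7 days"
#   install_relay_keys /home/op/tor-offline /var/lib/tor/keys
#   check_relay_keys /var/lib/tor/keys && echo 'OfflineMasterKey 1' >> /etc/tor/torrc
#   cert_days_left /var/lib/tor/keys/ed25519_signing_cert
```

`check_relay_keys` only enforces the two-file minimum nusenu gives above; the RSA `secret_id_key` and the onion keys can be kept or regenerated as discussed later in the thread. `cert_expiry_epoch` does not verify the certificate signature, it only reads the expiry field, which is all a renewal reminder needs.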
Hi nusenu,
thanks for your reply.
On 27/05/2017 00:08, nusenu wrote:
>> If I look inside the DataDir of one of my relays - a standard Debian
>> install - I see this:
>>
>> ed25519_master_id_public_key
>> ed25519_master_id_secret_key
>> ed25519_signing_cert
>> ed25519_signing_secret_key
>> secret_id_key
>> secret_onion_key
>> secret_onion_key_ntor
>> secret_onion_key_ntor.old
>> secret_onion_key.old
>>
>> - In the process of generating the master key (with the command `tor
>> --keygen`), all the files above will be generated.
>
> --keygen will generate the following files in the "keys" subfolder of
> DataDir:
>
> ed25519_master_id_public_key
> ed25519_master_id_secret_key
> ed25519_signing_cert
> ed25519_signing_secret_key
>
> (RSA keys will be generated on a relay's first start if there are none)
> Due to its interactive requirement I do not use --keygen to generate keys.
> https://trac.torproject.org/projects/tor/ticket/17603
Which one are the RSA keys and which one the ED25519 ones? I'm assuming the RSA keys are the ones generated in the standard install (the one above without ED25519 in the name), instead the command tor --keygen generates only ED25519 keys?
>> - To run the node with `OfflineMasterKey 1` you need to copy all the
>> files generated in the previous step *with the exception of the master key*.
>
> more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files
> (this is the absolute minimum):
>
> ed25519_signing_cert
> ed25519_signing_secret_key
Here you list only 2 files, which one is the third?
> Reminder: When you play around with this feature: always make sure to keep
> your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA key
> remains, your relay will be rejected since these keys are pinned (for
> security).
I should keep the files:

```
secret_id_key
secret_onion_key
secret_onion_key_ntor
secret_onion_key_ntor.old
secret_onion_key.old
```

Should these be kept on the relay, do they matter?
Cristian
> Which one are the RSA keys and which one the ED25519 ones?
Ed25519 master:
ed25519_master_id_public_key
ed25519_master_id_secret_key

Ed25519 signing:
ed25519_signing_cert
ed25519_signing_secret_key

RSA:
secret_id_key
>>> - To run the node with `OfflineMasterKey 1` you need to copy all the
>>> files generated in the previous step *with the exception of the master key*.
>>
>> more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files
>> (this is the absolute minimum):
>>
>> ed25519_signing_cert
>> ed25519_signing_secret_key
>
> Here you list only 2 files, which one is the third?
since I'm copying also the RSA key I initially wrote "3" but since it is not required I removed it (it gets generated if there is none)
>> Reminder: When you play around with this feature: always make sure to
>> keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA
>> key remains, your relay will be rejected since these keys are pinned (for
>> security).
>
> I should keep the files:
>
> secret_id_key
> secret_onion_key
> secret_onion_key_ntor
> secret_onion_key_ntor.old
> secret_onion_key.old
>
> Should these be kept on the relay, do they matter?
keep the /keys subfolder of your datadir and you are fine (you don't need them all but it does not hurt)
On 1 Jun 2017, at 02:59, nusenu nusenu-lists@riseup.net wrote:
>>>> - To run the node with `OfflineMasterKey 1` you need to copy all the
>>>> files generated in the previous step *with the exception of the master key*.
>>>
>>> more precisely: a relay in "OfflineMasterKey 1" mode requires 3 files
>>> (this is the absolute minimum):
>>>
>>> ed25519_signing_cert
>>> ed25519_signing_secret_key
>>
>> Here you list only 2 files, which one is the third?
>
> since I'm copying also the RSA key I initially wrote "3" but since it is
> not required I removed it (it gets generated if there is none)
You must keep the same pair of RSA and ed25519 keys. Or you must create new RSA and ed25519 keys at the same time.
If you don't, your relay will be rejected from the network some time soon.
>>> Reminder: When you play around with this feature: always make sure to
>>> keep your Ed25519 + RSA keys. If your Ed25519 key changes while the RSA
>>> key remains, your relay will be rejected since these keys are pinned
>>> (for security).
>>
>> I should keep the files:
>>
>> secret_id_key
>> secret_onion_key
>> secret_onion_key_ntor
>> secret_onion_key_ntor.old
>> secret_onion_key.old
>>
>> Should these be kept on the relay, do they matter?
>
> keep the /keys subfolder of your datadir and you are fine (you don't need
> them all but it does not hurt)
You should keep the onion keys because clients use them to connect to your relay. If you don't, it will take a few hours for clients to learn the new ones.
T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org